This document will cover two quick ways for figuring out the numbers behind subnetting. The first way involves making a simple chart, the second way uses simple math that most people can do in their head, at least for smaller numbers. The first way is recommended for any exams, or times when you need to do a lot of subnetting quickly. The second way works best if you just need to know one or two examples, or to check your work from the chart.

Pre-requirements:

This document does not tell you what subnetting is, nor does it tell you why you subnet. It also does not cover binary math except for a brief review. So to use this document, you must understand the following:

1) How to convert decimal to binary
2) How subnets and subnet masks work
3) The basic subnetting rules, such as broadcast addresses and network addresses

Introduction to Binary Math:

This is a very quick and dirty introduction to binary math, included for completeness of this paper. It should only be used as an introduction to binary, or to help solidify knowledge. It should not be used as a primary source of knowledge. In other words, please look up other sources to learn more on binary. The Additional Reading section will show you more.

Binary math is based on 2, but it only shows 0 and 1ís. A single binary bit can be a 0 or 1, and can only represent a 0 or 1. With two bits, it can show 4 numbers, 0, 1, 2, or 3. The max value of a number follows the formula 2^n-1, so for example,, 2^8-1 is 255. So 8 bits, or one byte, has a value range of 0 ~ 255.

The simple way to figure out a binary number, starting from the right, and working from the left, write a one, then double it each time moving left, till you have 8 numbers. The chart will end up looking like this:

128 64 32 16 8 4 2 1

These are the values of the binary digits in each spot. For example, 00000100 has a four where the bit is set to 1. So the total value of the binary number is 4. The number 11111111 has ones for every number, so itís value is 128+64+32+16+8+4+2+1, or 255.

Subnetting process:

Part 1) Introduction to the processes covered in this document.

I will be covering two different subnetting processes. The first one takes a bit of time, as itís a fairly large chart you have to write out. The second way needs no setup, itís simple subtraction and division. However, for large subnets (510+ hosts) or large numbers of subnets (again, 510+) you may need scrap paper.

Part 2) Chart-Based Subnetting

If you ask any game programmer whatís the fastest way to compute something, heíll say to pre-compute it. The idea of lookup tables, or figuring out the hard math one time, before you need too, can be applied to many things in life. Timed Cisco and CompTIA exams are two of them.

When you take exams you are not allowed to bring in any of your own paper or the like, but they hand you paper to use while in the exams (Or, dry-erase markers like at my exam place). Many people do a ďbrain dumpĒ where they write down all the things they can think off of the top of their head. This process gave me the idea, if I could memorize a subnetting chart, I could really reduce the time needed for subnetting questions. So, I started writing down all the math I could think of that would help me, the powers of 2, the different valid subnet masks (thereís nine different values per octets that you can have) and the binary values of these masks. Then I sorted it, and came up with a chart like this:

While this chart may seem complex, and it may seem like you canít make it while in the exam, itís actually just built from some simple math. Thereís seven steps to making the chart, so letís start now...

Part 2a) Available masks.

There are nine valid numbers that can be in a subnet mask, 0, 128, 192, 224, 240, 248, 252, 254, 255.How do we get these numbers? Well, remember the numbers used in binary math:

Code:

128 64 32 16 8 4 2 1

Well, if you have 0 bits set aside for the subnet inside that octet, then the mask would be 0. If you have 1 bit, then you would have 128 for the mask. (Remember the basics of subnetting, networks start on the LEFT and move right. By adding a bit to the network side, it moves down the line) So if you have two bits for the subnet mask, it would look like this:

Code:

128 64 32 16 8 4 2 1
1 1 0 0 0 0 0 0

Or, in other words, 128+64. 128 + 64 = 192. Three bits? 128+64+32, or 192+32, or 224. This is how we get the first column on the chart, by figuring out all the valid subnet masks. After a while youíll just remember them, but when you start out, you may need to do a little figuring off to the side.

Before you begin, you should also note that, while there are nine values for the subnet masks, only eight are in the chart. I skipped the 0 mask, since itís overlapped by the 255. If you have a subnet mask of 255.255.0.0 then you have both 0 and 255, I just decided to use the 255 in the B class, rather then the 0 of the C class.

So, the chart will have 8 rows of data. First column is a list of all subnet masks. Keep the binary number chart in mind when you do this. First number is 128. Then, below the, add the next number, 64, for 192. Then add 32, for 224. Then 16, for 240. Then 8 for 248, until you have all 8 subnet masks. Too much thinking? Well, letís take a break from thinking and do an easy step, step 2.

Part 2b) Network bits

The second section on the chart shows you how many bits are used per mask.. For example, 128 uses 1 bit, so itís written in binary as 10000000. 192 uses two, 11000000. To make it simpler to read, I just included the 1ís, or the bits used for the network. And since each number down the line uses one more bit, this is very easy to make. Just put down one 1 for 128, then two for 192, three for 224, on down to eight for 255 (255 mask uses all 8 bits for the network part of the mask). When I write it, I put a space every 4 bits, to make it quicker to read. So six bits active in the network mask would show up as 1111 11. So after this set, your chart looks like this:

This part forms a second sub-chart. I like to write out the powers of 2, generally up to 16. This helps with a lot of math, since finding the number of valid hosts is 2^(Number of host bits)-2. And powers of two are simple to do, if you do them in a row. If someone asked you, whatís 2 to the power of 17, how long would it take you? If someone asked you whatís 65536 * 2, think you could do it faster? I know I sure could.

So thatís ALL you have to do, write down a 2, then each line, double it. so you get a chart like this:

Simple? If you REALLY want, you can go up to the powers of 32, but not only is that kind of silly, and takes a long, long time, the higher numbers are NOT valid in subnets. How often do you see a network 10.0.0.0/7 ? So, 16 bit is a good place to stop. 24 bit would be the highest you should even think about going. So youíve got your nice chart, and can now do 2^1 up to 2^16 with a glance, now we need to move on to the next part of the chart, networks.

Part 2d) Networks

Before we go on, thereís something you need to keep in mind. If you have 4 bits set aside for the subnet, how many networks do you have, 2^4, or 2^4-2 ? Or even 2^4-1 ? Well, depending on the network, all three can be valid. Most people go by the -2, where it removes subnet zero and the all ones subnets. But on most new equipment, both subnets are valid. If you do a show run command on the Cisco router, you will see the current status of subnet zero, if enabled or disabled on that router.

So for this part of the chart, weíll use networks = 2^(bits)-2. So the first mask, 128, has 1 bit set aside for networks. This would be 255.255.255.128 when used with a class C address, such as 192.168.0.0 (If it was a B class network, like 172.16.0.0, then 255.255.255.128 would have 9 bits for the subnet, not 1. 1 bit mask for a class B address is 255.255.128.0. 1 bit for a class A is 255.128.0.0)

Since the 128 mask has 1 bit, we look up on the chart 2^1, and thatís 2. 2-2 = 0, so we write that down. Keep that in mind, 128 is not a valid subnet when youíre not using subnet zero and all ones subnet, since thatís all thatís generated, a zero subnet and an all ones subnet. If you can use these subnets, then 128 is valid in network masks.

Below 128, the next mask is 192. This has 2 bits, so we look up the power of 2 on the chart, itís 4. 4-2 is 2. And we move on to 224, with three bits. 2^3 is 8, 8-2 is 6, so 6 networks. We repeat this till we get to 255 mask, with 8 bits, thatís 256 -2, or 254 valid hosts per network. A standard class C network.

While you could stop, I like to at least cover subnets up to 16 bits, meaning one more pass. After the 0 on the 128, put a slash ( / ) and then find the number for 9 bits (8+1). Thatís 512-2. Keep in mind, when you write the chart, the first number is when you have 1~8 bits, the second number is 9~16. Iíll cover this more in the usage section of the cart.

So, you follow the chart you wrote for the powers, subtracting two from each one, until you once again hit 255, this time with 65,534. At this point your chart looks like this:

Now that itís time to move onto the host section, we have three easy steps. The first one, writing the host bits, is just putting the 0ís down where the bits used for the hosts are in the net mask. For example, in 128, the mask is 10000000, and since all 0ís are for the hosts, you put on the chart 000 0000. Then each line, you remove one, until on 255 you have nothing to write. Like this:

Code:

000 0000
00 0000
0 0000
0000
000
00
0

If you look, this should match up with the 1ís bits in the network portion. For example, the 224 mask has 111, and 0 0000. Thatís eight total bits, three for the network, and five for the hosts. The last one, 255, will have no bits, while all the network masks has at least one bit. This is because of the overlap of 0 and 255 masks. If we had done the 0 mask, it would have been above the 128 line, with no bits for the network, and eight 0ís for hosts, or 0000 0000. Meaning all bits for this part is dedicated to the host.

Part 2f) Number of Hosts

Finding the number of hosts is easy, cause you already did the math. The number of hosts is 2^(Host bits)-2. The same thing as the network side, just as the network moves up, hosts move down. So, starting with 255 and moving up, you write the number of hosts per network. The first line is the dual duty 255/0 line, so itís a bit special. You have 0 bits set aside for hosts, meaning you can not have this as a network. so we just put an X there for now. Nest up, the 254 line. We have 1 bit for the hosts. If you look at the 128 line for networks, you see that it also has 1 bit. 2^1-2 = 0, so this mask has 0 hosts. On to the 252 mask, we have two bits for hosts, and if we look at the network side, three bits is 6 networks, and for us, 6 hosts.

So, to make this side quickly, you just place an X on the last one, 255, then moving up, you copy the network numbers down. As you move up the hosts column, you move down the network column, until you hit 126 hosts. The next line, 254, you wrap around and place it behind the X, like this:

So, why do these numbers not line up right? Simple, itís cause weíre not showing the 0 mask line, remember. Since the data would be the same as 255, we skip it, but if we did show it, the chart would look like this:

See the pattern now? The 0 line wouldnít have served any point, so we skipped writing it, to make things go a bit quicker. So, to finish the host section of the chart, just finish copying the numbers till you get to 32,766. Your finished chart should look like this:

Ever seen an IP address written as 192.168.0.0/27 ? That network has 30 hosts on it per subnet, 6 subnets if you donít count the two special ones. Itís subnet mask is 255.255.255.224. Took me about 3 seconds to find that out on the chart. The final part of this chart, the CIDR numbers. These are easy, all you have to do is write a 1 for the first net mask, 128, then a 2 for the next one, 192, down to 8 for 255. Then back to 1, place a /, then go from 9 down to 16. Start back up to the top again, and repeat until you have all 32 numbers done. Now, finally, you finished all the steps, and have finished your chart.

Using the chart is pretty easy, but since subnetting questions can take so many forms, you need practice. Say your question is, what is the subnet for the 192.168.0.0/27 network?

Well, simple, you find /27 in the net mask section, and see itís 224. Also, look how the net masks are setup, thereís 4 sections per numbers. The section with the number is where the split between hosts and networks takes place, so anything to the left is all 255ís, and anything to the right is 0. so it the mask it /22, then you have a 255.255 to the left, and a .0 to the right, and the number where the split it, you get that from the far left of the chart, 252 for the /22 network. Letís try another one, /17. Itís in 1/9/17/25, the third space. So we know just at a glance itís 255.255.?.0. Check the far left of the chart, 128. so /17 is 255.255.128.0.

Next question you get, same network, 192.168.0.0/27. How many hosts per subnet, and how many subnets are in each network? You check out where /27 is on the chart, and you see that the first section is 6 for networks, and 30 for hosts. And thatís the right answer.

But, how did you know to pick six, and not 2,046? The first number is used when you have eight or less bits for the host\network, the second is used for 9~16 bits. How you tell? Well, remember this chart is just for helping speed things up, you still have to know some for yourself. If itís a class C address, 192.0.0.0~223.255.255.255, then it will always be 8 or less bits in the mask. So only class A and B addresses do you have to worry.

Class B addresses, 128.0.0.0~191.255.255.255, have a default subnet mask of 255.255.0.0. So if you get a class B address, and itís a 255.255.255.x mask, then more then eight bits is used in the network section. This means for the network section, you need to use the second set of numbers. For the hosts, you still need to use the first set of numbers. Example: 172.16.8.0/26. Itís a class b network, but using a class c net mask, meaning that is has more then eight bits for networks. 1,022 networks, 62 hosts per network.

Class A addresses, 1.0.0.0~ 126.0.0.0, have a net mask of 255.0.0.0. So, how many hosts and subnets in 10.1.0.0/24 ? Well, the subnet mask is 255.255.255.0, itís using more then 8 bits. Itís using 16 bits, the highest we bothered to make on our chart. A quick look at /24 shows us that is has 65,654 networks, and 254 hosts per network (If you get the X and itís a valid subnet mask, skip the X to the next number, 256 in this case). Itís rare youíll see a class A network on an exam question, just due to the huge numbers you get when working with the math. Anything higher then /24, or lower then /16, and this chart canít do it, you would have to expand it beyond the powers of 16. It also means youíll have 131,070 subnets, or 131,070 hosts on one network. Not often that you will encounter that on an exam...

Next example, 192.168.5.67/ 27 is on what network? This type of question is a bit harder to figure out, you would need to take the subnet mask, and AND it to the IP address. /27 is a subnet mask of 255.255.255.224, so we know 192.168.5 is part of the network address, but we need the last one. If you wanted to AND them out by hand, you would convert 67 to binary, convert 224 to binary, and convert the result back. The chart can even help, as it has the binary number of 224 right in it. However...

While we know that a /27 has 30 hosts per network, it uses 32 IP addresses per network, one used by the network address, one for broadcast address. This means that each network is a block of 32 IP addresses, or listed number of hosts, plus two. So subnet zero uses 32 addresses, 192.168.5.0~192.168.5.31. The first ďvalidĒ subnet is 192.168.5.32~192.168.5.63 (NOTE: Subnet zero is a valid subnet in most installs, but most books say itís not valid, or wonít even cover it. Even finding for sure if itís valid on Cisco exams can be a pain. For more info on this, check the notes at the end of this document.)

In this example, the block size is 32 for each network. To find the network of 192.168.5.67, you find out what block itís between. The closest multiple of 32 thatís LESS then 67 is 64. So itís on the 192.168.5.64 network. If you want math, divide 67 by block size (32), drop any remainders. For example, 67/32 = 2. Then take this, and times it by block size, 32*2 = 64. You really wouldnít even need all these steps, since when you do the division, you already know 32*2, thatís how you find the remainder.

Another example of the same type: 172.16.96.34 255.255.240.0 is on what network? Well, looking at the subnet mask, we know 172.16.?.0 so far, just need the C section. So we need to find the block size of 240. 240 lists 14 hosts, 14+2 = block size of 16. 96/16 = 6 even. So 96 is on the 96 network address. Note: this may seem wrong, since thereís no bits left over for the host address, but remember, you have another section with host bits, the D section. So 172.16.96.0 is NOT a valid host address, itís a network address, but our address, 172.16.96.34 is valid, and itís on network 172.16.96.0.

Now for the longest type of question you may encounter. Given 192.168.5.0/26 network, what are ALL the valid subnets. Show Network addresses, host range, and broadcast addresses. Include subnet zero and the all ones subnet.
Sounds like fun? Well, we know the first address in subnet zero is 192.168.5.0. To find the broadcast address, we need to find the network address of the next network, and subtract one. And to find the next network broadcast address, we need to find block size once again./26 is a 255.255.255.192 subnet mask, with 62 hosts per subnet, or a block size of 64. The block size is also always the network address of the first subnet after subnet zero. So we know that the network address of the next subnet is 192.168.5.64, so the broadcast address of our network is 192.168.5.63. The host range is all numbers between network and broadcast, so in this case, 192.168.5.1~192.168.5.62. So hereís what we know so far:

And we just have to repeat this till we get them all. Looking at the chart, you will see /26 has 2 valid subnets, plus the network 0 and all ones subnet make it four total networks to list. So this Process wouldnít take too long. Each network address is just 64 more then the last, 0,64,128,192. Add 64 to 192, you get 256, an invalid address. So the four network addresses, 0,64,128,192. The broadcast of 0 network is the next network (64) minus 1, or 63. broadcast of 64 is 128-1, or 127. Broadcast for 192 is 255. (Last one is always 255, or 256-1). Host ranges for these networks are the numbers between host and broadcast.

This should cover anything you need to know on usage of the chart. So now itís on to the second way, based on the 256 rule.

Part 3) 256 Rule

The 256 rule is a nice subnetting rule. When I first made a subnetting chart, I never knew about it, and never noticed it until after I was using the chart for months. I guess this is a good thing, as the chart is still faster for exams, but I never would have made it if I had known this rule.

The 256 rule is simple, you subtract the subnet mask from 256 to get the block size. For example, 255.255.255.240 has a block size of 256-240, or 16. Meaning the first subnet after the zero subnet is 16, second subnet is 32, first subnets broadcast is 31, host ranges 17~30. Thatís it, done.

While the 256 rule is simple to do, sometimes it can get tricky. How many hosts can you get on the network this host is on: 172.16.56.34/23. Well, first step, you need to convert /23 into a subnet mask. If you have the chart, this is simple, just find /23. Without the chart, you have to count. 8,16 and 24 are the ďevenĒ subnet masks, 255.0.0.0, 255.255.0.0, 255.255.255.0. Since we know 23 is more then 16, and less then 24, we know itís 255.255.?.0 mask. What you have to do, is know the valid subnet mask numbers by heart, or be able to figure them out: 0,128,192,224,240,248,252,254,255. /8,/16 and /24 all give you a 0 subnet mask (and 255 on the one before). Add one, /9,/17,/25, you get 128 mask. and just keep going on your counting.

Since we know /24 is 255.255.255.0, you can take a short cut, and use one lower mask. /23 is 255.255.254.0. Now we take the 256 - 254, and we have a block size of 2. The first network is 172.16.0.0 and the second one is 172.16.2.0, up to 172.16.56.0, where our host is on.

You may be thinking, well, block size is 2, subtract the network address and the broadcast address, 2-2 = 0, so something is invalid. Well, it would be, if it wasnít for the 8 host addresses to the left of it. So the address of the next network is 172.16.58.0, so take one step back, the broadcast address of our 56 network is 172.16.57.255, not 172.16.57.0 like you may have been thinking. Valid host ranges on out network is 172.16.56.1~172.16.57.254. Rather then counting them, you know that thereís 2 in the block size of the c part of the address, 56 and 57, and thereís 256 addresses in each of them, so 256*2 = 512, - the network and broadcast, 510 host addresses. Like I said, anything larger then 510 you may need scrap paper, but any masks of /24 or more, this 256 rule is great.

All works on this paper
Copyright (c) 2005-2006 Robert H. Williams III
Permission is granted to http://www.security-forums.com for use.
This paper may not be edited or reposted without permission.
If you would like to post this paper on your site,
please contact me at ozzy_1996-at-yahoo.com

Last edited by Ozzy_98 on Fri Jun 16, 2006 8:11 pm; edited 3 times in total

Brilliant!
"...again hit 255, this time with 66,534..." where you mean 65,534 of course.
In the 256 rule part you say:
"The first network is 172.16.0.0 and the second one is 192.16.2.0, up to 172.16.56.0...", obviously you meant 172, not 192.

Err... umm...

It's using the new math standard, IEEE 12345-6. The rule is 5 before 6, except after 6, or when adding to 9 such as in 5+4 or 4+5.

...

I also need to type up a quick bit for the 256 rule for subnets with more then 256 hosts in them. To do them, you just do the normal 256 rule on the 3rd octet, for example 255.255.240.0, you have 256-240, or 16. Then you take the 16, and rather then subtracting the broadcast and network numbers for 14 hosts, you multiply it by 256, and then subtract the 2, so it's 16*256-2, or 4,096-2, or 4,094.

You cannot post new topics in this forumYou cannot reply to topics in this forumYou cannot edit your posts in this forumYou cannot delete your posts in this forumYou cannot vote in polls in this forum

Featured Links*

Looking for more Windows Networking info?

Sign up to the WindowsNetworking.com Monthly Newsletter, written by Enterprise Security MVP Deb Shinder, containing news, the hottest tips, Networking links of the month and much more. Subscribe today and don't miss a thing!View a sample newsletter.